Feed aggregator

HowTo - OWSM 11g: Install OWSM on base Weblogic

Vikas Jain - Wed, 2010-06-30 14:56
If you have a vanilla Weblogic (WLS) environment with no Fusion Middleware components deployed such as SOA Suite, Webcenter, etc., and you have JAX-WS clients and web services deployed in such an enviornment, you can secure these clients and services using OWSM by following this guide for step-by-step instructions on how to set it up. These instructions will be included into official documentation in the near future.

Note that these are just install instructions, with no change or bearance to the licensing model. As of Jun 2010, OWSM is licensed only through SOA Suite, and doesn't come with a standalone license. In short, to secure your clients & services using OWSM on base Weblogic, you would need to acquire SOA Suite license on top of Weblogic license.


var docstoc_docid="45646770";var docstoc_title="How To install OWSM 11gR1 on base Weblogic";var docstoc_urltitle="How To install OWSM 11gR1 on base Weblogic"; How To install OWSM 11gR1 on base Weblogic
Thanks to Amit Gokhru for validating and documenting these instructions.

FAQ - Using HTTP token policies with OWSM

Vikas Jain - Wed, 2010-06-30 13:42
When using HTTP token policies with OWSM 11g, you may want to review the following to understand their implementation behavior.

What types of HTTP token policies are available?
Following pre-defined OWSM policies are available out-of-the-box.
Client policies: oracle/wss_http_token_client_policy, oracle/wss_http_token_over_ssl_client_policy
Service policies: oracle/wss_http_token_service_policy, oracle/wss_http_token_over_ssl_service_policy

What does HTTP token policies do?
On the client side, it adds base64 encoded username/password per the Basic Authentication scheme to the HTTP Authorization header according to RFC822 and RFC2617
For example, Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
On the service side, OWSM agent gets hold of this HTTP header, decodes the username/password, and uses it to authenticate against the configured identity store through OPSS login module and WLS authenticator. Additionally, if oracle/wss_http_token_over_ssl_service_policy is used, it checks if SSL connection was indeed used to connect to the service.

Is the HTTP Authorization header sent with every message? If not, how can I enable it to be sent with every message?
No. Oracle web services stack follows the challenge-response authentication mechanism wherein client doesn't send an authorization header in the initial request to which service responds back with a 401 (Unauthorized) HTTP message. Client then stuffs the Authorization header into the second request which is then processed by the service.
This default behavior can be altered such that the Authorization header is always sent by setting a property on the client side.
In the request context, set the property ClientConstants.PREEMPTIVE_BASIC_AUTH to true

How can I disable SOAP security header inclusion when using HTTP token with SSL client policy?
The out-of-box oracle/wss_http_token_over_ssl_client_policy policy is configured to include a timestamp element in the SOAP security header similar to below.
<code style="color:#000000;word-wrap:normal;"> <wsse:Security xmlns:wsse="<a href="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd</a>" env:mustUnderstand="1">  <br />      <wsu:Timestamp xmlns:wsu="<a href="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd</a>" wsu:Id="Timestamp-oq2ulH1wHpSwkqAlKMaf5Q22">  <br />           <wsu:Created>2010-06-21T15:28:02Z</wsu:Created>  <br />           <wsu:Expires>2010-06-21T15:33:02Z</wsu:Expires>  <br />      </wsu:Timestamp>  <br /> </wsse:Security  <br /></code>

This can be disabled by modifying the client policy with timestamp attribute value set to false.
Note that oracle/wss_http_token_client_policy doesn't include the SOAP header.

The Art of Agile Development

Peter O'Brien - Tue, 2010-06-29 16:39
Keep this book to handThe Art of Agile Development was recommended to me by Jeff McKenna when he provided some Scrum coaching to those of us in the Dublin office working on Oracle Social CRM. Back then it was a new, hot off the press book, but I have recently reread it because I have found it useful in providing guidance on what to watch out for when changing agile development practices. This was necessary due to changes in teams and technologies as some of us focused full time on Fusion Applications. Practices, roles and responsibilities we had gotten used to had to be adapted or dropped to blend in with APM, Oracle Fusion Application's development methodology.

The book, by Shane Warden and James Shore, is a great introduction to agile development methodologies by covering both XP and scrum. Practical examples are generally from XP projects because that is where the authors have the greatest experience. The authors identify a broad set of practices that would be considered as characteristics of agile development methodologies in way or another. Recognising that it is very rare in most organisations to be able to follow an agile methodology completely as prescribed alternatives are mentioned, but not in every case. Shane and James are also very clear that many of these practices are often taking place at the same time in a software project rather than in a sequential waterfall methodology. However, categorising practices by what sort of activity and the nature of the activity give a very useful matrix for teams to analyse how agile their own practices are and perhaps identify areas where realistic improvements can be made. Just being able to have a label or term for a specific practice makes discussing within a group easier.

Download poster from James ShoreI see the collection of practices being grouped by nouns (planning, analysis, design & coding, testing, deployment) and verbs (thinking, collaborating, releasing, planning, developing). For example, when team members are working on implementing a specific feature that kind of collaboration is 'design & coding collaborating' and the section in the book covers some pair programming techniques. In fact, this particular section addresses the misconception that pair programming is a fulltime 'paired for life' regime. It is a useful tool that can be used for a few hours a day to make some significant progress, reduce interruptions, and spread the knowledge of how and why parts of the system being developed work.

Other useful techniques peppered through the book include the Agility Self Assessment and the many skill development routines, which the authors called 'etudes'. These are short exercises that may help in getting the feel for a more agile approach. When reading the chapters you might be thinking we don't have the development experience to let team members do organic, incremental architecture design, or implement thorough automated testing. I wonder how many people never complete the book because they do not believe they can carry out these changes and deliver software in a timely fashion. It's not until towards the end of the book that the authors address the reality of the mixed capabilities of the team. If this was at the beginning it might give the readers more staying power. The book does have some helpful advice on working with and around the politics, the mixture in experience levels, and heavy weight project management within your organisation. It has to be read in it's entirety though and does make for an excellent reference book to dip in and out of.
This article has been edited since it was first published.

Near-shore development in Tandil-Argentina

Marcelo Ochoa - Tue, 2010-06-29 09:30
This post is bit off topic about Oracle, but not at all.
I remember read by a first time the term near-shore development during OOW08 in a Information Week newsletter free at OTN Lounge.
Two years ago I see the increasing on development using this model in my City Tandil, 400Km far from Buenos Aires in Argentina.
Specially, I am working as external consultant with the company Temperies which was founded and growing in Tandil unlike other companies which are part of the Technology Park and came from Buenos Aires.
But why this market still growing in Tandil with well know economy changes?
First Why Tandil?

  • Is a very nice small city (130000 habitants) surrounded by hills where the quality of life makes the difference in term of productivity of the development team, this is one of the bigger difference against other Argentine cities such as Buenos Aires, Cordoba or Rosario. Any worker can get his workplace in less than five minutes walking.
  • Has a recognized University in Computer Science.
  • Is cheap to live here, so salaries are not so high.

Second Why Argentina?
  - Is a country with a big difference in term of US$/Euro exchange rate compared with another countries like Chile for example, and believe me when an near-shore project is evaluated this point is very important because with the same money you can do the project several times :)
  - Most of the computer science graduated and under-graduated students have very good knowledge of English.
  - The time zone of Argentine is in middle of Europe and US West coast, so projects can be perfectly managed around the team synchronization, if we work with San Francisco, we work during our afternoon, if we work with Germany, we work during our morning, and thats all.
Finally I want to remark that there are plenty of offers in term of Software Factories in Tandil, from small companies with 10 to 20 employees to big factories with more than one hundred employees to fit with every need.
As I set at the beginning of this post I am working with Temperies a mid-range Software Factory which, in addition to the list of goodness exposed previously, have an strong commitment with Agile practices, Oracle and a widely experience with success stories in near-shoring projects around the world, and obviously the CIOs are good friends of mine :)
Well if anybody want to go deeper in this area just drop me an email to marcelo.ochoa gmail.com or see you at the Oracle Open World in September.

Concepts Guide: 11/27 - Oracle Utilities

Charles Schultz - Fri, 2010-06-25 15:14
Wow, this chapter was hugely disappointing! I mean, it makes for a better sales pitch than technical introductions to useful features. I believe I could summarize this chapter using a pseudo-code:


products[] = getListofProducts();
foreach product in products[]
do
printHeader "Overview of $product"
print "$product is a powerful utility to manage your data quickly"
end



What is even more disappointing is that I have used all of these features/products (with the exception of the Data Pump API) and know first-hand that they are all quite useful and handy. DataPump in particular is blazingly fast at moving raw data (but amazingly slow with the subsequent ddl like indexes and stats). I mean, I could go on and say a number of excellent things about these products and the specific "things" they do, and only scratch the surface at that, and I would have surpassed what is covered in the Concepts Guide.

The one thing I did learn was that I did not realize DBID could be used to set the DBNAME. I'll have to get that a try sometime.

Woot, two chapters in one day!

Concepts Guide: 10/27 - Application Architecture

Charles Schultz - Fri, 2010-06-25 14:57
Again, I am struck by the archaic terminology (minicomputers and mainframes?). In a way, I guess the fact that the underlying technologies have not changed all that much speaks to the stability of those particular designs. And that's a good thing, right?

The architecture described in the first few pages is interesting. With a title like "Application Architecture", I was mislead into thinking this chapter was more about the application, but rather it is the fundamental pieces that Oracle has built to interface with various applications. I am a bit cautious about the apparent benefits of scaling vertically and horizonatally; obviously, everyone wants the option to scale if needed. While Vertical scaling seems to be the most common solution, I am a bit discouraged how hard Oracle PR has pushed Horizontal scaling in the form of RAC, almost as if it were a panacea for all functional and performance issues. But I digress.

I was excited to see the section "How Oracle Net Services work". As with previous technical material in this document, I was again disappointed with the high-level summary provided, instead of the real nuts and bolts. Ironically, in light of the coverage, I was surprised to find mention of "industry-standard higher level protocols"; seems to be a bit of bandwidth to advertise how compliant they are. I would think the reader would be more interested in the details that specifically relate to how Oracle talks to itself, leaving the underlying transports systems for a book of another scope. The whole point of an API is to abrstract out the details that one does not really care about. So I was glad to move on to the next section about the Listener and Services.

Yet my concern did not stop there. Check out this quote from the Listener section:
When multiple databases or instances run on one computer, as in Real Application Clusters, service names enable instances to register automatically with other listeners on the same computer. A service name can identify multiple instances, and an instance can belong to multiple services. Clients connecting to a service do not have to specify which instance they require.

Wow. Ok, so RAC runs on one computer?!? Since when? I have to admit that I am greatly impressed by how PMON communicates not only with the local listener, but also remote listeners on different computers. But there is no mention of local_listener, remote_listeners or how those play a huge role. Worse, "services" have not even been covered in sufficient detail yet; it would probably help to point out that while a service may map to multiple instances, all such instances must be part of the same database. Regardless, I have to repeat that I am duly impressed by the slickness we call "services" (head nod to Jeremy Schneider for his paper on making it a little more public). If only more beans were spilled out of the can here in the Concepts Guide.

And then the chapter ends right there. Egads! 6 pages covers Application Architecture?!?

Live Event: Oracle Enterprise Linux Configuration and Diagnostic Tips & Tricks

Sergio's Blog - Thu, 2010-06-24 02:34
On Monday June 28 at 9am PDT, our very own Greg Marsden, Senior Development Manager, will host a webcast on Oracle Enterprise Linux best practices for data center deployments. I highly recommend this session. Register here.
Categories: DBA Blogs

HowTo - OWSM 11g: Prevent PII data leakage in Oracle SOA composites

Vikas Jain - Wed, 2010-06-23 17:07
When SOA endpoint is protected using OWSM service policy, then message can be decrypted, but after that if the message contain PII attributes, they can end up in clear in logs and instance viewer in the console.
To provide security for prevention of such PII data leakage, there is an OWSM custom policy assertion available written by Robin Zimmermann and Rakesh Saha that allows selective attribute encryption within the application, and then decrypt it on the way out before it's re-encrypted using the OWSM client side policy.
See https://owsm-11g-custom-assertions.samplecode.oracle.com/

btw, Oracle BPEL 10g provided a feature for obfuscating attribute data. This solution is better than that approach as it uses digital encryption instead of obfuscation technique, and is policy based.

SQL Overlap Test

Tony Andrews - Wed, 2010-06-23 05:20
Many times I come across SQL where the developer is trying to check for overlap between two ranges (usually date ranges, but sometimes numbers). For example, to meet the requirement "select all employees whose hired from and to dates overlap with the project start and end dates".The developer sketches out all the possible overlap scenarios and finds four:1) End of range A overlaps start of rangeTony Andrewshttp://www.blogger.com/profile/16750945985361011515noreply@blogger.com1http://tonyandrews.blogspot.com/2010/06/sql-overlap-test.html

Updating apex.oracle.com Side-effects

David Peake - Mon, 2010-06-21 13:37
As Joel Kallman posted apex.oracle.com upgraded to APEX 4.0, version 4.0.0.00.46. To do this we ran a one-off patch on apex.oracle.com.

This patch caused the Websheet Data Grids and Reports to be lost.
Therefore, if you had defined a Data Grid or SQL Report previously, you will need to recreate them. This information can't be recovered.

We apologize for any inconvenience this may have caused.

Rest assured that this was caused by the one-off patch and will have no impact on the APEX 4.0 Production Release once available, or any future patches or releases.

Cheers,
David

Be inspired today

Michael Armstrong-Smith - Mon, 2010-06-21 00:11
This truly inspirational clip makes me proud to hail from Liverpool. I hope you enjoy it and if you do please pass it on and make someones's day.

Be inspired and go on and inspire someone else.

Oracle enhanced adapter 1.3.0 is Rails 3 compatible

Raimonds Simanovskis - Sun, 2010-06-20 16:00

Rails 3 is in final finishing stage (currently in beta4) and therefore I released new Oracle enhanced adapter version 1.3.0 which I was working on during last months.

Rails 3 compatibility
rails3.gif

The major enhancement is that Oracle enhanced adapter is now compatible with Rails 3. To achieve that I also developed Oracle SQL compiler for Arel gem which is used now by ActiveRecord to generate SQL statements. When using Oracle enhanced adapter with Rails 3 you will notice several major changes:

  • Table and column names are always quoted and in uppercase to avoid the need for checking Oracle reserved words.
    E.g. now Post.all will generate query
    SELECT "POSTS".* FROM "POSTS"
    
  • Better support for limit and offset options (when possible just ROWNUM condition in WHERE clause is used without using subqueries).
    E.g. Post.first (or Post.limit(1)) will generate query
    SELECT "POSTS".* FROM "POSTS" WHERE ROWNUM <= 1
    
    but Post.limit(1).offset(1) will generate
    select * from (select raw_sql_.*, rownum raw_rnum_
      from (SELECT "EMPLOYEES".* FROM "EMPLOYEES") raw_sql_ where rownum <= 2)
      where raw_rnum_ > 1
    

When using Oracle enhanced adapter with current version of Rails 3 and Arel it is necessary to turn on table and column caching option in all environments as otherwise Arel gem will cause very many SQL queries on data dictionary tables on each request. To achieve that you need to include in some initializer file:

ActiveRecord::ConnectionAdapters::OracleEnhancedAdapter.cache_columns = true

I have published simple Rails 3 demo application using Rails 3 and Oracle enhanced adapter. You can take a look at Gemfile and Oracle initializer file to see examples how to configure Oracle enhanced adapter with Rails 3.

Rails 2.3 compatibility

Oracle enhanced adapter version 1.3.0 is still compatible with Rails 2.3 (I am testing it against Rails 2.3.5 and 2.3.8) and it is recommended to upgrade if you are on Rails 2.3 and plan to upgrade to Rails 3.0 later. But if you are still on Rails 2.2 or earlier then there might be issues with Oracle enhanced adapter 1.3.0 as I am using some Rails methods which appeared just in Rails 2.3 – so in this case it might be safer to stay on previous Oracle enhanced adapter version 1.2.4 until you upgrade to latest Rails version.

Oracle CONTEXT index support

Every edition of Oracle database includes Oracle Text option for free which provides different full text indexing capabilities. Therefore in Oracle database case you don’t need external full text indexing and searching engines which can simplify your application deployment architecture.

The most commonly used index type is CONTEXT index which can be used for efficient full text search. Most of CONTEXT index creation examples show how to create simple full text index on one table and one column. But if you want to create more complex full text indexes on multiple columns or even on multiple tables and columns then you need to write your custom procedures and custom index refreshing logic.

Therefore to make creation of more complex full text indexes easier I have created additional add_context_index and remove_context_index methods that can be used in migrations and which creates additional stored procedures and triggers when needed in standardized way.

This is how you can create simple single column index:

add_context_index :posts, :title

And you can perform search using this index with

Post.contains(:title, 'word')

This is how you create index on several columns (which will generate additional stored procedure for providing XML document with specified columns to indexer):

add_context_index :posts, [:title, :body]

And you can search either in all columns or specify in which column you want to search (as first argument you need to specify first column name as this is the column which is referenced during index creation):

Post.contains(:title, 'word')
Post.contains(:title, 'word within title')
Post.contains(:title, 'word within body')

See Oracle Text documentation for syntax that you can use in CONTAINS function in SELECT WHERE clause.

You can also specify some dummy main column name when creating multiple column index as well as specify to update index automatically after each commit (as otherwise you need to synchronize index manually or schedule periodic update):

add_context_index :posts, [:title, :body], :index_column => :all_text,
  :sync => 'ON COMMIT'
Post.contains(:all_text, 'word')

Or you can specify that index should be updated when specified columns are updated (e.g. in ActiveRecord you can specify to trigger index update when created_at or updated_at columns are updated). Otherwise index is updated only when main index column is updated.

add_context_index :posts, [:title, :body], :index_column => :all_text,
  :sync => 'ON COMMIT', :index_column_trigger_on => [:created_at, :updated_at]

And you can even create index on multiple tables by providing SELECT statements which should be used to fetch necessary columns from related tables:

add_context_index :posts,
  [:title, :body,
  # specify aliases always with AS keyword
  "SELECT comments.author AS comment_author, comments.body AS comment_body FROM comments WHERE comments.post_id = :id"
  ],
  :name => 'post_and_comments_index',
  :index_column => :all_text,
  :index_column_trigger_on => [:updated_at, :comments_count],
  :sync => 'ON COMMIT'
# search in any table columns
Post.contains(:all_text, 'word')
# search in specified column
Post.contains(:all_text, "aaa within title")
Post.contains(:all_text, "bbb within comment_author")

In terms of Oracle Text performance in most cases it is good enough (typical response in not more that hundreds of milliseconds). But from my experience it is still slower compared to dedicated full text search engines like Sphinx. So in case if Oracle Text performance is not good enough (if you need all search operations return in tens of milliseconds) then you probably need to evaluate dedicated search engines like Sphinx or Lucene.

Other changes

Please see change history file or commit list to see more detailed list of changes in this version.

Install

As always you can install Oracle enhanced adapter on any Ruby platform (Ruby 1.8.7 or Ruby 1.9.1/1.9.2 or JRuby) with

gem install activerecord-oracle_enhanced-adapter

If you have any questions please use discussion group or report issues at GitHub or post comments here.

Categories: Development

New APEX Listener Forum Now Available

David Peake - Fri, 2010-06-18 12:44
We have created a new OTN Forum just for the APEX Listener: http://forums.oracle.com/forums/forum.jspa?forumID=858&start=0

We thought it best to separate this forum from the regular APEX Forum as the APEX Listener will have unique posts and to make it easier for all to review.

David

Support for Discoverer

Michael Armstrong-Smith - Fri, 2010-06-18 11:59
As you probably know, if you are using Discoverer 3 or Discoverer 4 Oracle no longer provides support for these. I've seen a lot of folks recently who are still on these older versions and who are now out of support.

I wanted to let you know that I am able to offer remote support using gotomeeting for troubleshooting issues. I can connect to your system and help diagnose problems. In most cases we can get issues resolved within an hour.

Obviously there is a fee for this service but if you are really stuck and need help who you going to turn to?

Sending me an email is probably the simplest method of getting started. Click here to send an email.

Compile forms in Release 12

Famy Rasheed - Fri, 2010-06-18 10:44

Bissantz DeltaMaster - Cool Tool for OLAP

Keith Laker - Fri, 2010-06-18 09:56

I recently returned from a trip to Germany where visted a Bissantz, a relatively small company in Nürnburg that develops and markets an interesting reporting and data visualization tool named DeltaMaster that works with Oracle OLAP (and other data sources). I was very impressed with this tool. There are few things that I really liked about it:

  • It's very good at displaying a lot of information within a single report. One of the ways that it does this is by mixing graphical representations of data with numerical representation (they are very big on something called 'Sparklines'). This makes it very easy to create a single report that includes data on, for example, sales for the current quarter but also provides indications of sales trends and shares.

  • The presentation of data is very clean. While the reports themselves are very sophisticated, the developers have done a terrific job of presenting them to users. The presentation tends to be more functional than fluffy, but it's done very well. It is easy on the eyes.

  • DeltaMaster goes way beyond basic cross tabs and charts. There are prebuilt reports / analysis templates for rankings, concentration analysis, portfolio analysis, etc. There's quite a few different types of pre-built analysis and I won't try to do justice to them here. See for yourself.

  • It works better on OLAP than tables. I'm obviously biased when it comes to this topic, but for the end user this means more analytic power and flexibility.

Below is a concentration analysis report. This is along the lines of a Pareto chart. There are many different types of built-in analysis, but this one looks nice in the confined space of this blog's page.




Here are some links:

The DeltaMaster page at Bissantz: http://www.bissantz.com/products/

A clever blog by Bella, the Bissantz company dog: http://www.bella-consults.com/

Bella, if you happen to find your way to this blog, here's a 'hello' from Henry (the OLAP product manager's dog).







Categories: BI & Warehousing

Please vote for my Ruby session proposals at Oracle OpenWorld

Raimonds Simanovskis - Wed, 2010-06-16 16:00

oow2010.pngI am trying to tell more people at Oracle OpenWorld about Ruby and Rails and how it can be used with Oracle database. Unfortunately my session proposals were rejected by organizers but now there is a second chance to propose sessions at mix.oracle.com and top voted sessions will be accepted for conference. But currently my proposed sessions do not have enough votes :(

I would be grateful if my blog readers and Ruby on Oracle supporters would vote for my sessions Fast Web Applications Development with Ruby on Rails on Oracle and PL/SQL Unit Testing Can Be Fun!.

You need to log in to mix.oracle.com with your oracle.com login (or you should create new one if you don’t have it). And also you need to vote for at least one more session as well (as votes are counted if you have voted for at least 3 sessions). Voting should be done until end of this week (June 20).

And if you have other oracle_enhanced or ruby-plsql users in your
organization then please ask their support as well :)

Thanks in advance!

Categories: Development

Pages

Subscribe to Oracle FAQ aggregator